The spy device in your pocket

What consumers need to know about the WikiLeaks spy claims.

Search underway for CIA leakerIn Congress, members said they were concerned that enemies of America could now use the CIA techniques against Americans.Andrew Brookes/Getty Images

 --
The explosive claims made by WikiLeaks on Tuesday — that the CIA can turn popular smartphones and televisions into remote spying devices — highlights how unwitting consumers have allowed their love for electronics to make them vulnerable to covert surveillance.

“It’s a boon for the good guys and the bad guys,” said, Tyler Cohen Wood, a former senior U.S. intelligence officer. “There is just so much information that is out there. Everywhere we go, our politics, when we’re home, we’re not home, our health, our pattern of life is out there, and it’s due to these devices.”

WikiLeaks’ allegations — made alongside the release of thousands of documents purported to be stolen from the CIA — have not been confirmed, but officials say they appear authentic.

Smartphone listening post

Assuming the documents’ veracity, the leaked documents call attention to how consumers have unwittingly made themselves vulnerable to hacking through the widespread adoption of smart mobile devices.

Over the past 10 years, smartphones have taken the consumer electronic market by storm.

Some 77 percent of people in the U.S. now own a smartphone, according to a November 2016 study by the Pew Research Center. That’s a marked increase from 2011, when just 35 percent of Americans said they owned a smartphone.

The techniques appear to go beyond wiretaps, with spooks supposedly having the ability to surreptitiously activate the microphone on a smartphone or smart TV without their target having a clue.

WikiLeaks claims that the “techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the smartphones that they run on and collecting audio and message traffic before encryption is applied.”

In a statement to ABC News, Apple said, “While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates.”

After original publication of this story, Heather Adkins, Director of Information Security and Privacy at Google, said in a statement to ABC News: "As we’ve reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities. Our analysis is ongoing and we will implement any further necessary protections. We've always made security a top priority and we continue to invest in our defenses."

As ABC News reported in August, cybersecurity researchers discovered at the time three major vulnerabilities in the Apple iPhone operating system affecting users worldwide and prompting the software giant to release a security update. The spy software in that case was able to scoop up messages from any number of apps — including encrypted chat applications like WhatsApp — because of its sophistication.

But Wood noted that the lack of diversity in the smartphone software market — dominated by the iOS and Android operating systems — means that any exploits mean that the number of possible targets are immense.

“In terms of smartphones, the majority of people do use the two operating systems, and that does enhance the landscape for vulnerability,” she said. “Android throughout the world is the most popular operating system for smartphones.”

“I cannot validate whether these are actual CIA documents that were leaked to WikiLeaks, but just in terms of vulnerabilities within these devices, it’s always been there,” she said. “Sometimes the vulnerabilities are very low tech, such as clicking a phishing email or someone clicking on a fake news site that puts malware on their device.”

Spy TV

Also contained in the more than 8,700 documents published by WikiLeaks on Tuesday are details of how U.S. intelligence officers — along with their counterparts at Britain’s MI5 domestic spy agency — were able to create a fake off mode for Samsung smart TVs.

With fake off activated, the TV appears to be off — with lights and the screen dark — but in reality the TV can collect audio and possibly video.

Asked about the WikiLeaks claims, Samsung said, “Protecting consumers’ privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

Protecting yourself

For consumers who have concerns, there are no perfect solutions, but there are available options that make the spooks’ job harder.

“One of the biggest issues you have on your phone is the other applications and the permission settings that you have on your device,” said Wood. “A lot of applications that you may download will request access to your microphone, your video, your photos, your geographic location.”

She said that some nontrustworthy companies may be “exfiltrating information about you” and that consumers should consider where the companies operate and their terms of use.

“Turning off settings that [you] don’t need is really the way that we’re going to be able to fight this battle,” she said.

She added that ensuring your devices are upgraded to the latest software will help protect you by patching any known vulnerabilities.

In extreme cases, when traveling to countries where spy agencies may been interested in planting spy software on your phone, consumers can take a cue from protocols that government employees follow — namely taking a spare, clean phone.
Senior staff members on Capitol Hill have long made a habit of taking a wiped device with them on foreign travel to countries where adversaries may be interested in surveilling them through their devices.

“We’re in cyberwarfare right now,” said Wood. “We’re moving more and more to this internet-connected world where everything is connected, and we’re going to hit a point where you’re not going to have a choice, you’re going to be involved.”